[英]What's the best way to secure data between an PHP webservice and a Android/Java application
And by that i don't mean using HTTPS, but data encryption. 而且,我的意思不是使用HTTPS,而是数据加密。
Is there a nice encryption method that i can use in PHP to encrypt the data and decrypt in Java? 我可以在PHP中使用一种很好的加密方法来加密数据并在Java中解密吗?
Thanks in advance. 提前致谢。
AES-256 is the same in both Java as PHP: the algorithm itself is naturally language agnostic, so you can just pick one. 两种Java中的AES-256与PHP都是相同的:该算法本身自然是与语言无关的,因此您只需选择一种即可。 That said, if you were to use HTTPS, the data would be encrypted either way, so perhaps you're overcomplicating things? 就是说,如果您要使用HTTPS,则无论哪种方式都会对数据进行加密,所以也许您使事情变得过于复杂了? Is the data that important and privacy-sensitive? 是数据重要和隐私敏感?
HTTPS does data encryption. HTTPS 做数据加密。 If you're planning to negotiate the encryption without any pre-shared keys then HTTPS is probably one of your best options. 如果您打算在不使用任何预共享密钥的情况下协商加密,那么HTTPS可能是您的最佳选择之一。 It's not trivial to get encryption done in a proper way, so it's usually best to leverage existing implementations. 以适当的方式完成加密并非易事,因此通常最好利用现有的实现。
If you are planning on using a shared key that the client and server each know about, then you do likely want to use AES . 如果您打算使用客户端和服务器各自都知道的共享密钥,那么您可能确实想使用AES 。 For the Java side see an example here . 对于Java方面,请参见此处的示例。 You'll have to search around for the PHP side. 您必须四处搜索PHP方面。 Be sure to follow all of the best practices if you're aiming for security. 如果您追求安全性,请务必遵循所有最佳做法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.